b89296fee2
Presently, the OpenStack release managers have special access granted over every project in OpenDev's Gerrit due to historical entries in the All-Projects ACL. These permissions allow creation of branches, pushing tags and abandoning open changes, and they would like to add deletion of branches to the mix. It would be ideal, both for safety and correctness, to only have those permissions apply to projects in the "openstack/" namespace, and this could be accomplished with Gerrit's ACL inheritance feature.

Create a new empty repository which serves only as a reference to a Gerrit ACL, for future use as an inherited base ACL in official OpenStack projects. It is intentional that this repository lacks typical change approval rights, an entry in the Zuul config, and so on, as it should never receive proposed changes nor need to test and merge them.

When copying in the Release Managers group permissions, replace pushTag with the stricter pushSignedTag since we expect all tags to be signed (Zuul would ignore unsigned tag events anyway).

Change-Id: Ifb7ef3870b2c2d876a3dbe21a4ad7a930f09ee5c
13 lines
253 B
Plaintext
[access "refs/*"]
abandon = group Release Managers
create = group Release Managers
delete = group Release Managers
pushSignedTag = group Release Managers

[receive]
requireChangeId = true
requireContributorAgreement = true

[submit]
mergeContent = true
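A check one could run over an ACL file like the one above before it becomes an inherited base: it flags any pushTag grant (which the commit message replaces with pushSignedTag) and any grant to a group outside an expected list. This is an added example, not code from the OpenDev project; the function names, the allowed-group list and the constructed weak variant are assumptions.

```python
import re

# The ACL shown on this page, verbatim.
PAGE_ACL = '''[access "refs/*"]
abandon = group Release Managers
create = group Release Managers
delete = group Release Managers
pushSignedTag = group Release Managers

[receive]
requireChangeId = true
requireContributorAgreement = true

[submit]
mergeContent = true
'''

# Constructed weak variant: the unsigned-tag permission the commit avoids.
WEAK_ACL = PAGE_ACL.replace("pushSignedTag", "pushTag")

SECTION = re.compile(r'^\[(\w+)(?:\s+"([^"]*)")?\]$')

def parse_acl(text):
    """Return (section, ref, key, value) tuples; keys may repeat, as in git-config."""
    entries, section, ref = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # skip blanks and comments
            continue
        m = SECTION.match(line)
        if m:
            section, ref = m.group(1), m.group(2)
            continue
        key, sep, value = line.partition("=")
        if sep and section:
            entries.append((section, ref, key.strip(), value.strip()))
    return entries

def audit(text, allowed_groups=("Release Managers",)):
    """List findings for access sections: unsigned tag pushes, unexpected groups."""
    findings = []
    for section, ref, key, value in parse_acl(text):
        if section != "access":
            continue
        if key == "pushTag":
            findings.append(f"{ref}: pushTag allows unsigned tags; use pushSignedTag")
        m = re.search(r"\bgroup (.+)$", value)  # also matches '+force group X'
        if m and m.group(1) not in allowed_groups:
            findings.append(f"{ref}: {key} granted to unexpected group {m.group(1)!r}")
    return findings
```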